CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel.

Microsoft has released an emergency update to address a critical 0-day bugaffecting Microsoft Office 2016–2024 and Microsoft 365 Apps. This bug is actively exploited in the wild and allows attackers to bypass security features.

Nike is currently investigating a potential data breach following claims by the WorldLeaks cybercrime group. The group alleges it has accessed and stolen 1.4TB of data from Nike's systems, raising concerns about consumer privacy and data security.

Cisco has addressed a critical zero-day vulnerability, CVE-2026-20045, in its Unified Communications products. This flaw allows unauthenticated remote attackers to execute arbitrary commands on affected devices.

A ransomware attack has disrupted operations at Kyowon, a major South Korean conglomerate with interests in education, publishing, media, and technology. The attack potentially exposed customer data, affecting approximately 9.6 million accounts.

The PLUGGYAPE malware has been used in cyberattacks targeting Ukraine's defense forces. These attacks are attributed to the Russian-linked group Void Blizzard, also known as Laundry Bear.

Meta confirmed fixing an Instagram password reset vulnerability that allowed third parties to trigger reset emails, while denying any breach despite claims of leaked user data.

North Korea–linked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns.

Attackers are abusing misconfigured email routing and spoof protections to send phishing emails that appear to be from within an organization. These emails often use themes like HR notices, password resets, and shared documents to deceive recipients.

A critical vulnerability, CVE-2025-54957, in the Dolby audio decoder has been addressed in the January 2026 Android security update. This flaw affects Dolby DD+ decoders and poses a significant risk to Android devices.